This post is not encouraging any king of Malicious activities. This is intended to education purpose only. Any one can use this code with their own risk. Developer is not responsible for any bad activities.

Assumption
———
1.ASP.Net application is having File Upload vulnerability.
2.We grabbed usename,password,dbname,servername of the Database or we can directly use Connection String from Web.config in this case no need to add those fields.

For using this technique we should find the File Upload vulnerability in Asp.net application.

If we want to create a DB Backdoor we should know the Database Server. Mostly ASP.NET will use MS SQLServer as Database. Some times it can be MySQL, SQLite or Oracle etc.

Developer should identify which Database server is used by Vulnerable web application.

Let’s get started.

1. Create a aspx page
First we need to create aspx page without code behind c# page. We are going to use inline asp.net code in the design page itself.